Opened 5 years ago

Closed 5 years ago

#1801 closed bug (fixed (in master))

Game crash when targeting self

Reported by: PowerWyrm Owned by:
Milestone: Triage Keywords:
Cc:

Description

To reproduce:

  • press any looking/targeting command
  • press 'p' (replaces cursor on player)
  • press 't' (target)

Note: this is really really hard to reproduce and will happen randomly. I checked the code, and found that this is a memory access problem.

Targeting via 'p' calls target_set_location() which sets target_who with cave_monster_at(cave, y, x). Now here's the code for cave_monster_at():

/**
 * Get a monster on the current level by its index.
 *
 * No bounds check: idx is used as-is, so the -1 that m_idx holds for the
 * player's grid yields a pointer just before the monsters array.
 */
struct monster *cave_monster(struct cave *c, int idx) {
	return &c->monsters[idx];
}

/**
 * Get a monster on the current level by its position.
 */
struct monster *cave_monster_at(struct cave *c, int y, int x) {
	/* With m_idx[y][x] == -1 this is &c->monsters[-1], and reading
	 * mon->race below touches memory outside the array. */
	struct monster *mon = cave_monster(c, c->m_idx[y][x]);
	return mon->race ? mon : NULL;
}

The problem is that, when you target the player at position (y, x), c->m_idx[y][x] is equal to -1. So cave_monster() returns &c->monsters[-1] which is out of bounds and accesses a random memory block, which can be allocated (no crash) or not (crash in cave_monster_at when you do mon->race).

Easy fix:

/**
 * Get a monster on the current level by its position.
 *
 * Only a positive index refers to a monster: 0 is an empty grid and -1
 * marks the player, so neither is ever passed to cave_monster().
 */
struct monster *cave_monster_at(struct cave *c, int y, int x)
{
	if (c->m_idx[y][x] > 0) {
		struct monster *mon = cave_monster(c, c->m_idx[y][x]);

		return (mon->race ? mon : NULL);
	}

	return NULL;
}
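The following is an added, self-contained example and not Angband's own code: it models just enough of struct cave to hold the index values the ticket describes (a positive monster index, 0 for an empty grid, -1 for the player) and runs the guarded lookup against each of them. The struct layouts, HEIGHT, WIDTH, NUM_MONSTERS, sample_cave(), target_name_at() and the sample grid are assumptions made for this example; the upper-bound test on the index goes one step beyond the ticket's fix and is marked as such in the code.

```c
/* Added example (not Angband's code): a minimal stand-in for struct cave that
 * reproduces the ticket's index values and exercises the guarded lookup.
 * HEIGHT, WIDTH, NUM_MONSTERS, the struct layouts and the sample grid are
 * assumptions made for this example. */
#include <stddef.h>
#include <stdio.h>

#define HEIGHT 3
#define WIDTH 3
#define NUM_MONSTERS 4

struct monster_race { const char *name; };
struct monster { struct monster_race *race; };

struct cave {
	/* Slot 0 is the "no monster" entry (race == NULL); live monsters
	 * start at index 1. */
	struct monster monsters[NUM_MONSTERS];
	/* Per-grid index: > 0 a monster, 0 an empty grid, -1 the player. */
	int m_idx[HEIGHT][WIDTH];
};

/* Same shape as the original cave_monster(): trusts idx completely. */
static struct monster *cave_monster(struct cave *c, int idx)
{
	return &c->monsters[idx];
}

/* The ticket's fix: only a positive index is turned into a pointer, so the
 * player's -1 never reaches cave_monster(). The upper-bound test is an
 * extra check added in this example, beyond what the ticket proposes. */
struct monster *cave_monster_at_fixed(struct cave *c, int y, int x)
{
	int idx = c->m_idx[y][x];
	if (idx > 0 && idx < NUM_MONSTERS) {
		struct monster *mon = cave_monster(c, idx);
		return mon->race ? mon : NULL;
	}
	return NULL;
}

static struct monster_race orc_race = { "orc" };

/* Constructed sample level: 3x3 grid, player at (1,1), an orc (monster
 * index 1) at (0,2), a monster slot with no race (index 2) referenced at
 * (2,0), every other grid empty. */
struct cave *sample_cave(void)
{
	static struct cave c;
	static int built = 0;
	int y, x, i;

	if (built)
		return &c;
	for (i = 0; i < NUM_MONSTERS; i++)
		c.monsters[i].race = NULL;
	for (y = 0; y < HEIGHT; y++)
		for (x = 0; x < WIDTH; x++)
			c.m_idx[y][x] = 0;
	c.monsters[1].race = &orc_race;
	c.m_idx[0][2] = 1;   /* live orc */
	c.m_idx[2][0] = 2;   /* slot allocated but no race: treated as empty */
	c.m_idx[1][1] = -1;  /* player */
	built = 1;
	return &c;
}

/* What a targeting command would see with the cursor on (y, x): the
 * monster's race name, or "nothing" when there is no targetable monster. */
const char *target_name_at(struct cave *c, int y, int x)
{
	struct monster *mon = cave_monster_at_fixed(c, y, x);
	return mon ? mon->race->name : "nothing";
}

int main(void)
{
	struct cave *c = sample_cave();
	printf("(1,1) player  -> %s\n", target_name_at(c, 1, 1));
	printf("(0,2) orc     -> %s\n", target_name_at(c, 0, 2));
	printf("(2,0) no race -> %s\n", target_name_at(c, 2, 0));
	printf("(0,0) empty   -> %s\n", target_name_at(c, 0, 0));
	return 0;
}
```

The player's grid, the empty grid and the race-less slot all come back as NULL from the guarded lookup, so target_set_location() has nothing to store and the cursor-on-player case can no longer read before the monsters array. The unguarded version is deliberately not called with -1 here: that read is undefined behaviour, which is exactly why the original crash only shows up "randomly".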

Change History (1)

comment:1 Changed 5 years ago by takkaria

  • Resolution set to fixed (in master)
  • Status changed from new to closed